Sunday, May 29, 2022 // (IG): BB // Weekly Sponsor: UNDERWORLD BJJ
Threats in the shadows: Combatting RF attacks with geofencing
FROM THE MEDIA: There is no shortage of attack vectors that cybercriminals can use to infiltrate an enterprise. From phishing and malware to routers and HVAC systems, security teams are already spread thin, and now they can add shadow IT to their list of security concerns.
Shadow IT is a broad term covering the use of systems, devices, software, applications, and services without the knowledge or approval of IT departments. Of particular concern are mobile and IoT devices being brought into an office, facility or campus. Many of these devices contain radio frequency (RF) vulnerabilities that can be exploited from outside the facility.
READ THE STORY: Venturebeat
New Windows Subsystem for Linux malware steals browser auth cookies
FROM THE MEDIA: Hackers are showing an increased interest in the Windows Subsystem for Linux (WSL) as an attack surface as they build new malware, with the more advanced samples being suitable for espionage and downloading additional malicious modules. As the name of the feature implies, WSL allows native Linux binaries to run on Windows in an environment that emulates the Linux kernel.
READ THE STORY: Bleeping Computer
142 million data records stolen from MGM resorts published on Telegram
FROM THE MEDIA: The massive trove of data records was discovered by security researchers at vpnMentor who found the data stored in four archived files on Telegram totaling 8.7GB of data. These records belong to an estimated 30 million people whose data was previously stored by MGM Resorts International.
MGM Resorts suffered a widely-publicized data breach in the summer of 2019 which involved a threat actor gaining unauthorized access to one of the resort’s cloud servers and reportedly stealing the data repository in question. MGM did not publicise the security incident, but it did inform all affected customers to comply with local data breach notification laws.
READ THE STORY: Teiss
GoodWill: New ransomware forces victims to donate money and clothes to the poor
FROM THE MEDIA: As if ransomware couldn’t get any darker. The sinisterly-named GoodWill was detected in India by cybersecurity firm CloudSEK in March 2022 and demands victims donate clothes and food to those in need, in exchange for recovery of their data. The modern Robin Hood cyber villains spreading the GoodWill, unlike most hoodwinks, are not motivated by money or bitcoin, but by social justice.
“Team GoodWill is not hungry (for) Money and Wealth but kindness,” is their welcome message before an “actor” blackmails the victim, while the program sets about encrypting documents, photos, videos and databases to render them inaccessible.
READ THE STORY: The Big Smoke
LAPSUS$ struck T-Mobile multiple times in March, stole source codes
FROM THE MEDIA: The security breach was first discovered and reported by security journalist Brian Krebs in late April. Krebs reviewed a copy of private chat messages between members of the Lapsus$ hacker group. The chats indicated that Lapsus$ breached T-Mobile multiple times in March and stole source code for a range of company projects.
It is known that Lapsus$ operated via its Telegram channel, which soon gained popularity after the group started using it as THE medium to leak sensitive data stolen from victim corporations. However, the messages obtained by Krebs were from another Telegram channel that was used by the core seven members of the group. “KrebsOnSecurity recently received a week’s worth of these private conversations between LAPSUS$ members as they plotted their final attacks late last month,” the post read.
READ THE STORY: Teiss
BlackCat ransomware gang targets Austrian state, demands a $5m ransom
FROM THE MEDIA: Carinthia is Austria’s southernmost state and is home to over half a million predominantly German-speaking people. In the local language, the state is known as Kärnten and is also called Koroška in Carinthian Slovene dialects.
The state was recently targeted by the notorious BlackCat ransomware group which chose to target public services offered by the state government to force the administration into paying a fat ransom.
READ THE STORY: Teiss
Reliance on technology sparks hacker fears
FROM THE MEDIA: Fears have been raised following a University of Cambridge report that claimed the race to use more on-farm artificial intelligence (AI) comes with ‘substantial potential risks for farms, farmers and food security that are poorly understood and under-appreciated.’
The study, published in the Nature Machine Intelligence journal, found that while the new technologies herald a revolution in crop spraying and horticultural harvesting, neither the Government nor the larger agricultural industries have fully researched how robust this new technology may be in the face of ransomware or malicious hackers.
READ THE STORY: Farmers Guardian
Ransomware Goes to Business School
FROM THE MEDIA: What do ransomware and big business have in common? More than you might expect. That’s not a swipe at capitalism or Big Tech. (There are plenty of other places you can go for that.) It’s merely a recognition of how rapidly the business operations of today’s “top” ransomware operators have evolved. They’re now behaving more like the major enterprises they’re robbing, according to cybersecurity experts.
Ransomware gangs are renting out office spaces IRL, springing for graphic designers to spruce up their public web presence, and even offering prompt and courteous customer service for victims and clients. “From the outside [these gangs] look just like some other legit tech company,” says Jeremy Kirk, a cybersecurity journalist and host of The Ransomware Files, a podcast dedicated to covering stories of ransomware attacks.
READ THE STORY: The Wire
Miscreants Attacking Zoom With Malware; Security On Users' Systems Being Compromised
FROM THE MEDIA: When it comes to video conferencing, Zoom is among the most popular platforms in the world. With hundreds of millions of daily active users, the platform hosts multiple online meetings including business conferences, project management meetings and even online classes. However, as the platform caters to such a wide variety of users, it has grabbed the attention of hackers and bad actors.
According to a recent report by Google's Project Zero, hackers are using Zoom to target users around the world. Using the video conferencing platform, bad actors are sending a simple message to target users, putting their devices at risk. Now, unlike other spam messages, hackers are using a new technique wherein the user does not even need to interact with the message. All the hacker needs to do is send a message to a Zoom user over the XMPP protocol to compromise the user's system and deploy malware.
READ THE STORY: Republic World
Hackers wage war on Russia’s largest bank
FROM THE MEDIA: Hackers have flooded the dark web with credit card details stolen from Russia’s largest bank as cybercriminals target the country in the wake of the Ukraine invasion. The card details of 113,476 Sberbank customers have leaked onto the dark web since the conflict began, according to research by data intelligence firm Cyberint, where they are being advertised for sale to fraudsters.
This is almost 10 times the number circulating on illicit websites before the conflict began. Sberbank has been hit by international sanctions since Vladimir Putin launched his war. Cyber experts said this has made it more vulnerable to hackers because it is easier to con distracted staff into sharing sensitive details.
READ THE STORY: Telegraph
How our pro-Brexit group was hacked by Russia
FROM THE MEDIA: Britain is not at war with Russia but in cyberspace Russian activity against Ukraine and its allies is unrestrained, as I have recently found. Indeed, it is flattering 18 years after my retirement as head of MI6 to be still considered a worthwhile target of a cyber-attack by the Kremlin.
The story of how I and a small group of pro-Brexit individuals were hacked by the Russian state and accused of plotting to overthrow the British government begins in 2017. A number of citizens, concerned that the Brexit vote of 2016 was being subverted, met in a pub to see whether they could do something about it. As a joke, they nicknamed this ‘Operation Surprise’ after the pub we were in. You might think this was a perfect example of grassroots democracy – except that nothing came of it, and the little group never met again.
READ THE STORY: Spectator
Hacker tastes own medicine as community gets back stolen NFTs
FROM THE MEDIA: Tales of traders getting scammed out of their nonfungible tokens were quite common at the peak of the NFT boom. However, in an interesting turn of events, the Solana community came together to “scam” a scammer in order to get back some stolen NFTs.
It all started with the Discord channel hack of cross-chain gaming development studio Uncharted NFT, where scammers managed to drain 109 user wallets. The scammers got away with 150-plus SOL tokens and 25 World of Solana (WOS) NFTs, including three rare and highly valuable digital collectibles.
READ THE STORY: CoinTelegraph
General Motors Hacked In Cyberattack, Personal Data Exposed
FROM THE MEDIA: In this age of technology, data and information privacy is just as important as the cash in your wallet. There are several things hackers can access as long as they have the right information – none of them benefit the owner.
Apparently, General Motors is one of the recent victims of cyberattacks. In the company's notice of breach, GM noticed the suspicious logins from April 11 to 29, 2022 on online customer accounts, which led to unauthorized redemption of gift cards using the customers' reward points. GM said that the feature was disabled as soon as the hacking was discovered.
READ THE STORY: Motor 1
Israeli private detective used Indian hackers in job for Russian oligarchs: court filing
FROM THE MEDIA: An Israeli private investigator currently in U.S. custody used Indian hackers to conduct surveillance operations for ultra-wealthy Russians, a reporter said in a court filing late Wednesday. Independent journalist Scott Stedman told a court in New York that jailed private detective Aviram Azari worked "on surveillance and cyber-intelligence operations at the behest of Russian oligarchs," citing a mix of public reporting and confidential sources. Stedman said in a declaration that one of the Russian oligarchs concerned was aluminum tycoon Oleg Deripaska, whom he said indirectly employed Azari in connection with a business dispute in Austria.
READ THE STORY: Economic Times
Cyber threats and supply chain: back to basics
FROM THE MEDIA: The more extensive the supply chain, the more the risk surface increases. Coupled with the extension of telecommuting and the multiplication of connections, the task of the CISO becomes arduous. There are many answers, but in the face of complexity, it is critical to apply basic security measures.
Fifteen years ago, it was “simple” for a CISO or CIO to detect an anomaly on his or her network, and also quite simple to protect against attacks. Most of these attacks were carried out by humans and not by computer networks via entry points from various hardware and software. Another major change is the supply chain. Where a small or medium-sized company used to use only a few components to make its product, today the components come from several hundred companies around the world. The example of the cell phone alone speaks for itself: the components and assembly are still made abroad. This implies that a company must trust by default those who manufacture and assemble these components. This can be a risky bet.
READ THE STORY: technative
This Horrifying WhatsApp Scam Can Hijack Your Account With Just A Phone Call
FROM THE MEDIA: A horrifying new WhatsApp scam can steal access to your account with just a phone call! Know how to avoid this threat. Whether it is email, SMS, bank account logins, or social media, cybercrime is expanding its reach into each and every facet of our daily lives. And guess what, now the most used messaging application, WhatsApp has become the platform for cyber fraud in a new way. WhatsApp scams are happening way too frequently these days with hackers adopting new tactics to dupe innocent users to take control of their data, especially dealing with bank accounts. Now, another way has been found by hackers that is even more insidious. This WhatsApp scam allows hackers to take control of your account with just a phone call! And that’s it! Just a phone call and your WhatsApp account access will be in the hands of cybercriminals.
READ THE STORY: Global Circulate
Quantum internet within grasp as scientists show off entanglement demo
FROM THE MEDIA: Researchers in the Netherlands have shown they can transmit quantum information via an intermediary node, a feature necessary to make the so-called quantum internet possible. In recent years, scientists have argued that the quantum internet presents a more desirable network for transferring secure data, in addition to being necessary when connecting multiple quantum systems. All of this has been attracting investment from the US government, among others. Despite the promise, there are still vital elements missing for the creation of a functional quantum internet.
READ THE STORY: The Register
Fighting the rising tide of rogue apps
FROM THE MEDIA: We're battling a swell of rogue apps, and companies and consumers alike are struggling to keep their heads above water as these applications quickly become the tool of choice for fraudsters. According to our recent fraud data, rogue apps now make up 39 percent of global fraud attacks, growing at a rate of 50 percent per quarter.
Rogue apps attempt to impersonate a brand's application with the intent of committing financial fraud. They have the ability to wreak havoc on consumers and organizations alike, with financial institutions being a particular target.
READ THE STORY: BetaNews
Port of London Authority suffers a DDoS attack, Iranian threat group claims responsibility
FROM THE MEDIA: The Port of London Authority (PLA) is a self-funded public trust that maintains and supervises the Port of London. The PLA’s authority extends over the Tideway of the River Thames down into Kent and Essex to Teddington Lock towards the North Sea end and the trust oversees 200,000 commercial/leisure vessels.
On May 24, the trust said it suffered a ‘Distributed Denial of Service’ (DDoS) attack targeting its websites but its operations were not affected as a result. “We are investigating a ‘Distributed Denial of Service’ attack on our websites. All our operational systems are unaffected. Thanks for your patience,” the PLA tweeted.
READ THE STORY: Teiss
Hacker steals database of Verizon employees, tries to ransom it for $250K
FROM THE MEDIA: A database that includes the full name, email address, corporate ID numbers, and phone numbers of several Verizon employees was compromised, with the hacker holding it for a $250,000 ransom, a media report says. According to Motherboard, the hacker said they reached out to Verizon and shared the email that they sent to the company. "Please feel free to respond with an offer not to leak you're (sic) entire employee database," the hacker wrote in the email.
READ THE STORY: National Herald India
The mystery of China’s sudden warnings about US hackers
FROM THE MEDIA: For the best part of a decade, US officials and cybersecurity companies have been naming and shaming hackers they believe work for the Chinese government. These hackers have stolen terabytes of data from companies like pharmaceutical and video game firms, compromised servers, stripped security protections, and hijacked hacking tools, according to security experts. And as China’s alleged hacking has grown more brazen, individual Chinese hackers face indictments. However, things may be changing.
Since the start of 2022, China’s Foreign Ministry and the country’s cybersecurity firms have increasingly been calling out alleged US cyberespionage. Until now, these allegations have been a rarity. But the disclosures come with a catch: They appear to rely on years-old technical details, which are already publicly known and don’t contain fresh information. The move may be a strategic change for China as the nation tussles to cement its position as a tech superpower.
READ THE STORY: Ars Technica
Items of interest
Israeli arrested in US over alleged hacking operations for Russian oligarchs
FROM THE MEDIA: An Israeli private investigator currently in US custody used Indian hackers to conduct surveillance operations for ultra-wealthy Russians, a reporter said in a court filing late Wednesday. Independent journalist Scott Stedman told a court in New York that jailed private detective Aviram Azari worked "on surveillance and cyber-intelligence operations at the behest of Russian oligarchs," citing a mix of public reporting and confidential sources. Stedman said in a declaration that one of the Russian oligarchs concerned was aluminum tycoon Oleg Deripaska, whom he said indirectly employed Azari in connection with a business dispute in Austria.
Deripaska's spokeswoman said in an email that the allegations were "blatantly untrue." A lawyer for Azari, who last month pleaded guilty to conspiracy to commit hacking and aggravated identity theft in a separate case, did not return messages.
READ THE STORY: Israel Hayom
Block Notifies 8.2 Million Customers Following Cash App Investing Data Breach (Video)
Project 2030: Scenarios for the Future of Cybercrime (Video)
FROM THE MEDIA: It’s the year 2030. Cybercrime has evolved. How can individuals and industries protect themselves as automation, machine learning, and the digital supply chain leave them more vulnerable than ever? Trend Micro’s Rik Ferguson, VP security research, discusses his predictions for the 2030 Project and the lessons they hold for cybersecurity right now.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com